True or false: Companies born in the cloud naturally understand security.
Young and tech-savvy companies running in the cloud often deal with the same cloud security issues as larger organizations that are moving to the cloud from legacy or on-prem solutions. In fact, the unique requirements of tech companies — like continuous development cycles and cutting-edge, rapidly evolving processes — can sometimes add even more complexity to security. If you fall into this camp, you may find this blog useful. In it, we’ve rounded up some of our best advice so you can learn how to strengthen your cloud security posture and start building out a cloud security strategy now, without a big drain on your budget and resources. Read more “5 Cloud Security Tips for Emerging Tech Companies”
At the beginning of this year, Gartner projected that the global public cloud services market would grow to $246.8 billion in 2017, up 18% from $209.2 billion in 2016. Given the many high-value benefits it promises, it’s no wonder that moving to the cloud is the holy grail for many organizations.
When the decision to migrate is based on the right reasons, and when a migration is planned and managed according to proven best practices, the results can fundamentally transform an organization’s business model and create major competitive advantages. But migrating is a complex process, and if best practices aren’t followed, the promises of the cloud can remain out of reach or be delivered in a sub-optimal manner.
To make sure your migration gets off to a strong start, we are releasing our latest eBook — Moving to the Cloud? Your Guide to Planning a Secure and Frictionless Migration.
Read more “New eBook: Moving to the Cloud? Your Guide to Planning a Secure & Frictionless Migration”
How would you know if your prevention methods failed to catch a critical threat? One of two ways: Either a customer, an auditor, or another third party would find out about it (an embarrassing situation for you) or you could get lucky and find it yourself — which is rare without detection.
Prevention techniques and technologies (e.g., security controls, firewalls, encryption, antivirus) are designed to block an attacker from getting in, and can be critical to your security strategy. However, they can’t be the only defense you have in place. If history is any indicator (and we believe it is), attackers will find a way in. So, as a defender, you also need the ability to detect threats once they are inside your modern cloud infrastructure. That’s why companies are shifting their focus to detection techniques and technologies (e.g., monitoring, alerting).
In this post, we’ll explain what detection does that prevention cannot, what to watch out for if you’re relying on prevention alone, and how you can use them in parallel. Read more “Prevention Isn’t Enough. Why All Companies Need Detection Too”
As you probably know by now, containers are a high-priority topic at companies of all sizes. But there are a lot of myths surrounding this technology as well, in part because it is new and unfamiliar territory for most, and simply because the technology is so young.
In this post, we’ll debunk five of the pervasive myths and misunderstandings that surround containers, with a focus on Docker (since it is currently the most widely adopted container technology by a sizeable margin). Let’s dive in. Read more “5 Common Myths Around Moving to Docker”
“We really appreciate Threat Stack’s great customer support and its Oversight team. Threat Stack takes feedback seriously and ensures that the customer’s voice is always heard. At HelloSign we are committed to making our users awesome, and we were pleased to see that Threat Stack shares the same belief.” — Raaghav Srinivasan, Security Engineer at HelloSign
HelloSign is powering the future of intelligent business. The company’s software platform — which includes eSignature, digital workflow, and electronic fax solutions — converts process to revenue for over 50,000 companies around the world with HelloSign, HelloWorks, and HelloFax. When HelloSign needed to strengthen its security posture, accelerate security responses, and simplify compliance as it continued to scale, they chose Threat Stack. Read more “Why HelloSign Chose Threat Stack to Accelerate Security Responses and Simplify Compliance”
Time-to-detection is everything these days. If you don’t find a breach yourself, chances are someone else will. A recent study points out that up to 27% of breaches are discovered by third parties. This includes vendors or partners you work with, auditors, and probably most damaging of all — your customers.
The problem most companies are grappling with today is how to cut time-to-detection to ensure that they are the first ones to know about an issue, and in a way that won’t put a resource drain on the team. Last Thursday, Chris Gervais, Threat Stack’s VP of engineering, sat down with George Vauter, a senior software security engineer for Genesys, Jarrod Sexton, the lead information security manager for Genesys, and Scott Ward, the solutions architect at Amazon Web Services (AWS), to have a frank discussion about this in a webinar format.
Genesys is a leader in omnichannel customer experience and customer engagement software, with both on-premise and cloud-based offerings. PureCloud, their cloud-native microservice platform, is run on AWS, so the team has extensive experience launching and scaling in the cloud, as well as building a “secure-by-design” platform.
In our conversation, Genesys outlined several important steps that all companies should be implementing to reduce their time-to-detection, which we wanted to further highlight in today’s post. Read more “How to Cut Time-to-Security-Incident-Detection on AWS”
Gartner predicts that 95% of cloud security failures from now until 2020 will be the customer’s fault. That means when something goes wrong, it’s probably not AWS or Azure’s fault. Chances are, you have to point the finger at your organization.
Or — better yet — you could take the necessary and proactive steps to minimize the likelihood that you’ll become one of the cloud security failures. The good news is that it’s pretty easy to find out what you need to do. Below we’ll outline the steps to make sure that you stay out of the headlines and out of the statistics. Read more “Whose Fault is That? How NOT to Be a Cloud Security Statistic”
SOC 2 compliance is a crucial framework for technology and cloud computing companies today. As with many other compliance mandates, it is not a simple connect-the-dots proposition, but rather a complex set of requirements that must be reviewed and carefully addressed. But it doesn’t have to be overwhelming. Below, we’ll break down nine of the most common basic questions that we hear about SOC 2. Think of it as a 101 on SOC 2.
Read more “9 Common Questions About SOC 2 Compliance”
Kevin Durkin — CFO of the Year
The Boston Business Journal recently named Threat Stack’s Kevin Durkin CFO of the Year (Private Companies Category). The award was given as part of BBJ’s ninth-annual CFO of the Year Awards program which honors “CFOs who make a difference in their companies and organizations”. Read more “Boston Business Journal Names Threat Stack’s Kevin Durkin “CFO of The Year””
If you are currently running an on-premise or hybrid environment with an eye to eventually making a complete transition to the cloud, you may be feeling a bit overwhelmed by everything that needs to change in order for your security posture to be appropriate for this new environment. In this post, we’re going to explain how you can start where you are, take small but meaningful steps, and still make important progress toward where you want to be — operating securely in the cloud.
Without trying to boil the ocean, here are five key steps you can take to gently kickstart your transition toward a fully secure, all-cloud environment, no matter where you are today. Read more “Not Ready for Cloud Security? Here Are 5 Things You Can Do in the Meantime”